Request #23681 Unclear error msg. when PHPSESSID manually deleted from URL by user
Submitted: 2003-05-18 10:41 UTC Modified: 2012-02-21 07:39 UTC
Votes:12
Avg. Score:4.8 ± 0.6
Reproduced:11 of 11 (100.0%)
Same Version:1 (9.1%)
Same OS:4 (36.4%)
From: php at lapage dot com Assigned: sas (profile)
Status: Closed Package: Session related
PHP Version: * OS: *
Private report: No CVE-ID: None
 [2003-05-18 10:41 UTC] php at lapage dot com
Request for a better error msg.

If the user disables cookies and changes the URL to
http://domain.tld/form.php?PHPSESSID=

Then the resulting Apache 1.3 error log reads:

PHP Warning:  session_start(): The session id contains illegal characters, valid characters are only a-z, A-Z and 0-9 in /zz/zzdomain/www/form.php on line 3

PHP Warning:  Unknown(): The session id contains illegal characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0

PHP Warning:  Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp_php/zzdomainzz) in Unknown on line 0



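<?php
  // Start or resume the session; with cookies disabled the id is taken
  // from the PHPSESSID URL parameter, as described in the report.
  session_start();
  // Per-session hit counter; @ hides the notice on the first request.
  @$ct= ++$_SESSION['count'];
  // $PHP_SELF only exists with register_globals; read it from $_SERVER
  // and escape it before it goes into the href.
  $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
  echo<<<EOF
[$ct]<br><form method="get">
See hidden input<input type="submit" name="submit" value="Test"></form>
<a href="$self?foo=bar">See new href</a>
EOF;
?>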
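
The case in this report, an empty or malformed PHPSESSID supplied in the URL, can be caught before session_start() runs and logged with a clearer message. The following is an added example, not code from the report or from PHP itself; the function names, the 16 to 128 character length bounds and the reliance on default session id settings are assumptions, and session_create_id() requires PHP 7.1 or later.

```php
<?php
// Added example, not code from the bug report or from PHP itself.
// Function names and the length bounds are assumptions made for this sketch.

/** True if $id uses only the characters named in the warning (a-z, A-Z, 0-9). */
function is_plausible_session_id(string $id): bool
{
    // \A and \z anchor the whole string; the empty id from "?PHPSESSID=" fails.
    // Assumes default id generation, which stays inside this alphabet.
    return preg_match('/\A[a-zA-Z0-9]{16,128}\z/', $id) === 1;
}

/** Start the session, replacing an empty or malformed client-supplied id. */
function start_session_checked(): bool
{
    $name = session_name(); // "PHPSESSID" unless reconfigured

    // The id may arrive in a cookie or, as in the report, in the URL.
    $candidate = $_COOKIE[$name] ?? $_GET[$name] ?? $_POST[$name] ?? null;

    // is_string() also rejects array input such as "?PHPSESSID[]=x".
    if ($candidate !== null
        && !(is_string($candidate) && is_plausible_session_id($candidate))) {
        // Log the length, not the raw value, so the log line cannot be forged.
        $len = is_string($candidate) ? strlen($candidate) : -1;
        error_log(sprintf(
            'Rejected malformed %s (length %d); issuing a new session id',
            $name,
            $len
        ));
        // Drop the bad value so later code does not read it either.
        unset($_COOKIE[$name], $_GET[$name], $_POST[$name]);
        // An id set explicitly is used by session_start() as given.
        $fresh = session_create_id();
        if ($fresh !== false) {
            session_id($fresh);
        }
    }

    return session_start();
}

start_session_checked();
$_SESSION['count'] = ($_SESSION['count'] ?? 0) + 1;
echo '[', (int) $_SESSION['count'], ']';
```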


 [2003-05-20 03:16 UTC] derick@php.net
I'm all for making this a notice instead, assigning to Sascha as he's the maintainer of ext/session.

Derick
 [2010-12-20 13:58 UTC] jani@php.net
-Package: Feature/Change Request
+Package: Session related
-Operating System: Linux
+Operating System: *
-PHP Version: 4.3.1
+PHP Version: *
 [2012-02-21 07:39 UTC] rasmus@php.net
-Status: Assigned
+Status: Closed
 [2012-02-21 07:39 UTC] rasmus@php.net
This code has all been rewritten long ago and this issue is no longer present.
 